Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2303

OIDC Client realm roles do overwrite the resource roles if not explicitly disabled

XMLWordPrintable

      When use-realm-role-mappings and use-resource-role-mappings are set to true all previously found resource mappings are overwritten by the realm role mappings.

      When the use-realm-role-mappings are being disabled using a oidc.json configuraion as follows the resource roles will be available only:

      {
  "realm": "MYREALM",
  "auth-server-url": "https://keycloak.somedomain/auth/",
  "resource": "BisonProcess",
  "use-realm-role-mappings": false,
  "use-resource-role-mappings": true,
}

      It is not possible to have a combined set by defining the following configuration:

      {
  "realm": "MYREALM",
  "auth-server-url": "https://keycloak.somedomain/auth/",
  "resource": "BisonProcess",
  "use-realm-role-mappings": true,
  "use-resource-role-mappings": true,
}

            fjuma1@redhat.com Farah Juma
            reinhapa Patrick Reinhart
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: